Study

Interested in studying at Northumbria? With 31,500 students, Northumbria is one of the largest universities in the country, offering courses on either a full-time, part-time or distance learning basis.

Study Abroad Erasmus and Exchange

Business

The world is changing faster than ever before. The future is there to be won by organisations who find ways to turn todays possibilities into tomorrows competitive edge. In a connected world, collaboration can be the key to success.

Research

Northumbria is a research-rich, business-focused, professional university with a global reputation for academic quality. We conduct ground-breaking research that is responsive to the science & technology, health & well being, economic and social and arts & cultural needs for the communities

About Us

Northumbria University is based in the heart of Newcastle upon Tyne, which is regularly voted the best place in the UK for students who are attracted by our excellent academic reputation, our top 10 graduate employment record and our outstanding campus and sports facilities.

GDPR - Principles

The General Data Protection Regulation (GDPR) is underpinned by a number of data protection principles which drive compliance. Under Article 5 of the GDPR, the main responsibilities for organisations is to ensure that personal data is processed in line with the following Principles:

a) Processed lawfully, fairly and in a transparent manner in relation to individuals

Transparency: Tell the data subject what data processing will be done.

Fair: What is processed must match up with how it has been described.

Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)].

b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes

Personal data can only be obtained for “specified, explicit and legitimate purposes”[article 5, clause 1(b)].

Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.

c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” [article 5, clause 1(c)]. In other words, no more than the minimum amount of data should be kept for specific processing.

d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)].

e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

Personal data is “kept in a form which permits identification of data subjects for no longer than necessary” [article 5, clause 1(e)].

In summary, data no longer required should be removed (or anonymised).

f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Data should only be processed “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage” [article 5, clause 1(f)].

Accountability

A further principle of accountability is added to the six main principles.

The principle of accountability aims to guarantee compliance with the Data Protection Principles and places the onus on the University to prove it's compliance. This means that that the University must be proactive in identifying areas of potential risk and comprehensive in our approach to addressing potential areas of non-compliance. Ultimately we are all accountable for delivering data protection compliance.